Sametime 11 proxy configuration SSO
I'm looking for the complete instructions to configure a Sametime server
and a Sametime proxy server. Of course I have read the standard manual but
that's not enough for me.
The proxy server is running in the DMZ and has a URL sametime.mydomain.com
and the sametime server is internal sametimep1.mydomain.local
For the proxy server I didn't configure an IDP url. Both servers
can communicate with each other but now I have to configure SSO?!
First of all:
- how can I check if a LtpaToken is correct?
An LtpaToken is for a domain like mydomain.com but how to combine this with the local Sametime server
which is in the mydomain.local domain?
Then what are the steps to complete the configuration of both servers?
The proxy server can also communicate with the MongoDB server.
Sametime chat server is functioning properly and the proxy server doesn't show errors in the catalina.out log.
PS: The Sametime proxy login shows: Sametime is temporarily unavailable.
Hi, did you add the IP/Hostname from the Proxy Server to the Trusted Servers in the Community Configuration?
Community Trusted IPS now has the ip of my sametime proxy server
After a Domino/Sametime server restart
Still get the following message in the login screen:
Sametime is temporarily unavailable.
I found the Catalina log (in the log directory of the proxy server) helpful to figure out what issue was causing this issue.
(in my case a keystore issue)
Hi, which ports are opened from the ST Proxy to the ST Community Server?
All ports are currently open. Both the Sametime server and the MongoDB server don't have the firewall running.
For the moment I switched the proxy back to domain.local, therefore all machines are in the same domain, but still no luck. If there is no LtpaToken for domain.local is it still possible to use the proxy?
AFAIK you'll have a LTPAToken
Ok, I will start to experiment with that.
Have you seen this:
https://www.rhpconsult.com/blog/richard/entry/sametime-11-with-proxy-server
Some hints might help you.
1) There are no settings generally required on the Sametime Proxy for SSO. The Sametime Proxy will automatically scope the LTPATokens that are generated on the Community server to the domain the browser is in.
IOW, if you hit STProxy.mydomain.com - the LTPATokens will be scoped to .mydomain.com, if you hit stproxy.mydomain.local - they will be scoped to mydomain.local.
If you are not seeing that - please open a case so that I can review.
You do not need to set the Community server's SSO doc 'domain' to match - as this setting is used by the Domino servers for Domino HTTP transactions - Sametime does not use this.
The fact that you are getting logged into STproxy and things are working shows that this configuration is fine.
2) Ports -
a) HTTP(s) ports open to your users - 8443 and 8080 by default, 80/443 if you modify them to the STProxy.
b) From STProxy to Community - 1516, be sure the STproxy IP address is in the trustedIP list of Community.
c) From STproxy to MongoDB - 27017 (default).
That's it.
I would need to see logs to determine why the "Sametime Is temporarily unavailable", please open a case if you are still having issues there.
Let me know if you have more questions.
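An added example, not part of the thread and not HCL code: one way to check the scoping described in the reply above, by taking the `Set-Cookie` header values the proxy returns at login and testing whether each `LtpaToken*` cookie's `Domain` matches the host the browser used. It checks scope and cookie flags only, not the token's signature; the function names and the sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample headers (token values are placeholders, not real tokens).
SAMPLE_OK = "LtpaToken=CONSTRUCTED1; Domain=.mydomain.com; Path=/; Secure; HttpOnly"
SAMPLE_MISMATCH = "LtpaToken=CONSTRUCTED2; Domain=.mydomain.local; Path=/"

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: identical, or host ends with '.' + cookie domain."""
    host = host.lower().rstrip(".")
    dom = cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)

def check_ltpa_scope(set_cookie_headers, proxy_host, other_hosts=()):
    """Report scope and flags of every LtpaToken* cookie in Set-Cookie values."""
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not name.lower().startswith("ltpatoken"):
                continue  # session cookies etc. are not SSO tokens
            domain = morsel["domain"]
            # Without a Domain attribute the cookie is host-only: the browser
            # accepts it and returns it to proxy_host alone.
            accepted = domain_match(proxy_host, domain) if domain else True
            shared = [h for h in other_hosts
                      if domain and domain_match(h, domain)]
            findings.append({
                "name": name,
                "domain": domain or None,
                "accepted_by_browser": accepted,  # False: SSO cookie is dropped
                "also_sent_to": shared,           # other hosts inside the scope
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
            })
    return findings

if __name__ == "__main__":
    for hdr in (SAMPLE_OK, SAMPLE_MISMATCH):
        print(check_ltpa_scope([hdr], "sametime.mydomain.com",
                               ["sametimep1.mydomain.local"]))
```

A cookie reported with `accepted_by_browser` false is discarded by the browser, so the session never carries the token; a token without `secure` on an HTTPS deployment is worth correcting as well.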
I will create a case because everything looks fine. When logging in at the web page the Notes sametime connection is broken, this means there is an action going on but still: "Sametime Is temporarily unavailable"
The problem described is already quite a while ago but I have started a complete new configuration.
The whole configuration looks fine but then again got the message: "Sametime is temporarily unavailable". After this the sametime.ini file on the community server is changed. I added two lines under [AuthToken]
ST_ORG_NAME=yourorganization
ST_TOKEN_TYPE=LtpaToken
Restarted the server and now everything works fine.
Hope this helps for you.